The Agent Skills Directory

[COMMAND_EXECUTION]: The skill describes execution patterns for the Claude Code CLI, including the use of high-privilege tools. It specifically demonstrates granting pre-approval for bash commands such as 'npm', 'node', 'git', and 'nix' via the '--allowedTools' flag, and highlights the '--permission-mode bypassPermissions' option which disables security prompts.
[REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution capabilities by teaching users how to authorize an AI sub-agent to run arbitrary system commands and perform multi-file refactoring. This design allows for the execution of untrusted logic if the agent's prompts are influenced by external data.
[PROMPT_INJECTION]: The described workflow is highly vulnerable to indirect prompt injection because it encourages the agent to ingest and analyze local codebase files (e.g., '@src/', 'Read task.md'). This content is then used to drive subsequent agent actions, including file writes and command execution, without adequate sanitization or boundary markers.
Ingestion points: Codebase files accessed through the '@' path prefix and the 'Read' tool as shown in multiple session management examples in SKILL.md.
Boundary markers: Absent; the examples show direct ingestion of file content into the agent's context without the use of protective delimiters or instructions to ignore embedded commands.
Capability inventory: The sub-agent is typically granted 'Bash', 'Edit', 'Write', 'WebSearch', and 'WebFetch' tools, which can be abused if the input is poisoned.
Sanitization: Absent; the reference material does not include validation or escaping of the content read from the filesystem before it influences agent behavior.
[EXTERNAL_DOWNLOADS]: The skill mentions and utilizes tools for network operations, including 'WebSearch' and 'WebFetch', which enable the agent to download and process content from external URLs.

claude-code-reference